General
-
Target
0bf18c2fadf0d89a693baad0e10c59eb19ba00da7a60c789818ceecc26d6a201
-
Size
158KB
-
Sample
221127-qbdbbsaa43
-
MD5
3b4f29d17f9ebf02f55cfcf02d018d4c
-
SHA1
d97a1c8e0925d9e040a50490d05e20f28394666b
-
SHA256
0bf18c2fadf0d89a693baad0e10c59eb19ba00da7a60c789818ceecc26d6a201
-
SHA512
4009016c258de999a5525e22efb88576b7b5b7f84410cf7eccc7d58e005e9f71127879cafea0d27251e9d5af0b70350066b8ec0a70227a0f4dac87b4a5406afb
-
SSDEEP
3072:1Asj8MBX8s0oXJbqmBF36Z3xOaWg2iWBv2rKmOy7ZpWg8pqX4P1ko3PaS2:1AsBZBqmj6uy2iE8K9y9pWg8nx2
Malware Config
Targets
-
-
Target
0bf18c2fadf0d89a693baad0e10c59eb19ba00da7a60c789818ceecc26d6a201
-
Size
158KB
-
MD5
3b4f29d17f9ebf02f55cfcf02d018d4c
-
SHA1
d97a1c8e0925d9e040a50490d05e20f28394666b
-
SHA256
0bf18c2fadf0d89a693baad0e10c59eb19ba00da7a60c789818ceecc26d6a201
-
SHA512
4009016c258de999a5525e22efb88576b7b5b7f84410cf7eccc7d58e005e9f71127879cafea0d27251e9d5af0b70350066b8ec0a70227a0f4dac87b4a5406afb
-
SSDEEP
3072:1Asj8MBX8s0oXJbqmBF36Z3xOaWg2iWBv2rKmOy7ZpWg8pqX4P1ko3PaS2:1AsBZBqmj6uy2iE8K9y9pWg8nx2
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-